package org.dochandler.esfinge.guardian.authorizer;

import org.dochandler.service.domain.Document;
import org.dochandler.service.domain.Officer;
import org.dochandler.service.domain.Rank;
import org.dochandler.service.domain.Sensitivity;
import org.dochandler.service.domain.annotation.TopSecretDocCreation;
import org.dochandler.service.domain.constants.Constants;
import org.dochandler.service.exception.DocumentNotDefinedException;
import org.dochandler.service.exception.OfficerNotDefinedException;
import org.esfinge.guardian.authorizer.Authorizer;
import org.esfinge.guardian.context.AuthorizationContext;

public class TopSecretDocCreationAuthorizer implements Authorizer<TopSecretDocCreation> {

	@Override
	public Boolean authorize(AuthorizationContext context, TopSecretDocCreation securityAnnotation) {
		
		Officer officer = context.getSubject().get( Constants.OFFICER.val(), Officer.class );
		if (officer == null) 
			throw new OfficerNotDefinedException("An officer must be defined at the appropriate scope");
		
		Document document = context.getResource().get( Constants.DOCUMENT.val(), Document.class );
		if (document == null) 
			throw new DocumentNotDefinedException("A document must be defined at the appropriate scope");
		
		if (document.getSensitivity() == Sensitivity.TOP_SECRET)  {
			if (officer.getRank().ordinal() < Rank.BRIGADIER.ordinal() )  {
				return false;
			}
		}
		return true;
	}

}